National Information Assurance (IA) Glossary
FOREWORD
1. The Committee on National Security Systems (CNSS) Glossary Working Group convened to
review and update the National Information Assurance Glossary, CNSSI 4009, dated June 2006. This
revision of CNSSI 4009 incorporates many new terms submitted by the CNSS Membership. Most of
the terms from the 2006 version of the Glossary remain, but a number of them have updated definitions
in order to remove inconsistencies among the communities.
2. The Glossary Working Group set several overall objectives for itself in producing this version:
Resolve differences between the definitions of terms used by the DOD, IC, and Civil
Agencies (NIST Glossary) to enable all three to use the same glossary (and move towards shared
documentation and processes).
Accommodate the transition from Certification and Accreditation (C&A) terms in current
use to the terms now appearing in documents produced by the C&A Transformation initiative. Both sets
of terms have been included in this update of the glossary.
Ensure consistency among related and dependent terms.
Include terms that are important to the risk management goal of C&A transformation and to
the concept of information sharing.
Review existing definitions to reflect, as appropriate, a broader enterprise perspective vice a
system perspective.
Strike an appropriate balance between macro terms and micro terms (i.e., include terms that
are useful in writing and understanding documents dealing with IA policies, directives, instructions, and
guidance, and strike terms that are useful only to specific IA subspecialties).
3. Many cyber terms are coming into vogue and the Glossary Working Group has tried to include
significant examples that have a useful distinction when compared to existing Information Assurance
terms. A number of terms recommended for inclusion in this version of the glossary were not added,
often because they appeared to have a narrow application or because they were submitted after the
deadline. But the net effect has been to add quite a few new terms to the glossary.
4. When glossary terms have common acronyms, we have noted the acronym with the term and
added the acronym to the acronym list. In some instances, there may be several meanings for the same
acronym, and in that case we have tried to list all the common IA meanings. Note that some acronyms
are self-explanatory, and so there is no definition of these acronyms in the glossary itself.
5. Some terms from the previous version were deleted because they had been previously marked
as candidates for deletion (C.F.D.) and no one asked to keep them; many other terms have been updated
or added; and some terms are newly identified as C.F.D. If a term that has been deleted or marked as
C.F.D. is still of value and needed in your environment, please resubmit the term with a definition based
on the following criteria: 1) specific relevance to Information Assurance; 2) economy of words; 3)
accuracy; 4) broad applicability; and 5) clarity. Use these same criteria to recommend any changes to
existing definitions or to suggest new terms (definitions must be included with any new terms). When
recommending a change to an existing definition, please note how that change might affect other terms.
In all cases, send your suggestions to the CNSS Secretariat via e-mail or fax at the number found below.
6. We recognize that, to remain useful, a glossary must be in a continuous state of coordination,
and we encourage your review and welcome your comments as new terms become significant and old
terms fall into disuse or change meaning. The goal of the Glossary Working Group is to keep the
Glossary relevant and a tool for commonality among the IA community.
7. Representatives of the CNSS may obtain copies of this instruction on the CNSS Web Page
www.cnss.gov.
/s/
RICHARD C. SCHAEFFER, JR.
This instruction applies to all U.S. Government Departments, Agencies, Bureaus and Offices, and
supporting contractors and agents, that collect, generate, process, store, display, transmit or receive
classified or sensitive information or that operate, use, or connect to National Security Systems (NSS),
as defined herein.
A
access
access authority
An entity responsible for monitoring and granting access privileges for other
authorized entities.
access control
access level
access list
access profile
Association of a user with a list of protected objects the user may access.
access type
accountability
Numeric code used to indicate the minimum accounting controls required for
items of accountable COMSEC material within the COMSEC Material
Control System.
accounting number
accreditation
accreditation boundary
accreditation package
Accrediting Authority
active attack
active content
add-on security
adequate security
Security commensurate with the risk and magnitude of harm resulting from the
loss, misuse, or unauthorized access to or modification of information.
Note: This includes assuring that information systems operate effectively and
provide appropriate confidentiality, integrity, and availability, through the use
of cost-effective management, personnel, operational, and technical controls.
advisory
alert
anti-jam
anti-spoof
application
Software program that performs a specific function directly for a user and can
be executed without access to system control, monitoring, or administrative
privileges.
asset
assurance
The ability to confidently share information with those who need it, when and
where they need it, as determined by operational need and an acceptable level
of security risk.
assured software
Computer application that has been designed, developed, analyzed and tested
using processes, tools, and techniques that establish a level of confidence in it.
asymmetric cryptography
attack
Any kind of malicious activity that attempts to collect, disrupt, deny, degrade,
or destroy information system resources or the information itself.
attack signature
Access control based on attributes associated with and about subjects, objects,
targets, initiators, resources, or the environment. An access control rule set
defines the combination of attributes under which an access may take place.
attribute-based authorization
audit
audit log
audit trail
authenticate
authentication
authentication mechanism
authentication period
authentication protocol
authenticator
The means used to confirm the identity of a user, process, or device (e.g., user
password or token).
authenticity
The property of being genuine and being able to be verified and trusted;
confidence in the validity of a transmission, a message, or message originator.
See Authentication.
authority
authorization
authorization boundary
authorized vendor
Authorizing Official
availability
B
back door
backup
banner
Display on an information system that sets parameters for system or data use.
baseline
bastion host
benign environment
binding
biometrics
bit
Ratio between the number of bits incorrectly received and the total number of
bits transmitted in a telecommunications system.
BLACK
black core
blacklisting
blended attack
Blue Team
The set of data that documents the information system's adherence to the
security controls applied. The BoE will include a Requirements Verification
Traceability Matrix (RVTM) delineating where the selected security controls
are met and evidence to that fact can be found. The BoE content required by
an Authorizing Official will be adjusted according to the impact levels
selected.
boundary
boundary protection
browsing
buffer overflow
A condition at an interface under which more input can be placed into a buffer
or data holding area than the capacity allocated, overwriting other information.
Attackers exploit such a condition to crash a system or to insert specially
crafted code that allows them to gain control of the system.
bulk encryption
C
call back
canister
cascading (C.F.D.)
category
The Key Management Infrastructure core node that provides central security
management and data management services.
certificate
certificate management
certificate-related information
certification
certification analyst
The independent technical liaison for all stakeholders involved in the C&A
process responsible for objectively and independently evaluating a system as
part of the risk management process. Based on the security requirements
documented in the security plan, performs a technical and non-technical
review of potential vulnerabilities in the system and determines if the security
controls (management, operational, and technical) are correctly implemented
and effective.
certification package
certifier
chain of custody
chain of evidence
A process and record that shows who obtained the evidence; where and when
the evidence was obtained; who secured the evidence; and who had control or
possession of the evidence. The sequencing of the chain of evidence follows
this order: collection and identification; analysis; storage; preservation;
presentation in court; return to owner.
check word
checksum
Agency official responsible for: 1) providing advice and other assistance to the
head of the executive agency and other senior management personnel of the
agency to ensure that information systems are acquired and information
resources are managed in a manner that is consistent with laws, Executive
Orders, directives, policies, regulations, and priorities established by the head
of the agency; 2) developing, maintaining, and facilitating the implementation
of a sound and integrated information system architecture for the agency; and
3) promoting the effective and efficient design and operation of all major
information resources management processes for the agency, including
improvements to work processes of the agency.
Note: Organizations subordinate to federal agencies may use the term Chief
Information Officer to denote individuals filling positions with similar security
responsibilities to agency-level Chief Information Officers.
cipher
Cryptographic logic that uses previous cipher text to generate a key stream.
cipher text/ciphertext
ciphony (C.F.D.)
claimant
classified information
Security incident that occurs whenever classified data is spilled either onto an
unclassified information system or to an information system with a lower level
of classification.
clearance
clearing
Removal of data from an information system, its storage devices, and other
peripheral devices with storage capacity, in such a way that the data may not
be reconstructed using common system capabilities (i.e., through the
keyboard); however, the data may be reconstructed using laboratory methods.
client (C.F.D.)
closed storage
cloud computing
code
code book
code group
code vocabulary
Set of plain text words, numerals, phrases, or sentences for which code
equivalents are assigned in a code system.
cold site
Backup site that can be up and operational in a relatively short time span, such
as a day or two. Provision of services, such as telephone lines and power, is
taken care of, and the basic office furniture might be in place, but there is
unlikely to be any computer equipment, even though the building might well
have a network infrastructure and a room ready to act as a server room. In
most cases, cold sites provide the physical location and basic services.
command authority
Relationship between NSA and industry in which NSA provides the COMSEC
expertise (i.e., standards, algorithms, evaluations, and guidance) and industry
provides design, development, and production capabilities to produce a type 1
or type 2 product. Products developed under the CCEP may include modules,
subsystems, equipment, systems, and ancillary devices.
common control
Common Criteria
communications cover
communications deception
communications profile
community risk
compartmentalization
Mode of operation wherein each user with direct or indirect access to a system,
its peripherals, remote terminals, or remote hosts has all of the following: 1)
valid security clearance for the most restricted information processed in the
system, 2) formal access approval and signed nondisclosure agreements for
that information to which a user is to have access, and 3) valid need-to-know for
information to which a user is to have access.
compromise
compromising emanations
computer abuse
computer cryptography
Computer Forensics
Actions taken through the use of computer networks to disrupt, deny, degrade,
or destroy information resident in computers and computer networks, or the
computers and networks themselves.
See Incident.
COMSEC account
COMSEC aid
COMSEC assembly
COMSEC boundary
COMSEC custodian
COMSEC demilitarization
COMSEC element
COMSEC end-item
COMSEC equipment
COMSEC facility
COMSEC incident
COMSEC insecurity
COMSEC manager
COMSEC material
COMSEC module
COMSEC monitoring
COMSEC profile
COMSEC survey
COMSEC training
confidentiality
configuration control
contamination
contingency key
Key held for use under specific operational conditions or in support of specific
contingency plans. See reserve keying material.
contingency plan
continuous monitoring
The process implemented to maintain a current security status for one or more
information systems or for the entire suite of information systems on which the
operational mission of the enterprise depends. The process includes: 1) The
development of a strategy to regularly evaluate selected IA controls/metrics, 2)
Recording and evaluating IA relevant events and the effectiveness of the
enterprise in dealing with those events, 3) Recording changes to IA controls,
or changes that affect IA risks, and 4) Publishing the current security status to
enable information sharing decisions involving the enterprise.
Physical area (e.g., building, room, etc.) to which only authorized personnel
are granted unrestricted access. All other personnel are either escorted by
authorized personnel or are under continuous surveillance.
controlled area
Any area or space for which the organization has confidence that the physical
and procedural protections provided are sufficient to meet the requirements
established for protecting the information and/or information system.
Part of a Controlled Cryptographic Item (CCI) that does not perform the entire
COMSEC function but depends upon the host equipment, or assembly, to
complete and operate the COMSEC function.
controlled interface
A boundary with a set of mechanisms that enforces the security policies and
controls the flow of information between interconnected information systems.
controlled space
controlling authority
cookie
Data exchanged between an HTTP server and a browser (a client of the server)
to store state information on the client side and retrieve it later for server use.
correctness proof
countermeasure
covert channel
Determination of the extent to which the security policy model and subsequent
lower-level program descriptions may allow unauthorized access to
information.
credential
A trusted entity that issues or registers subscriber tokens and issues electronic
credentials to subscribers. The CSP may encompass registration authorities
and verifiers that it operates. A CSP may be an independent third party, or
may issue credentials for its own use.
critical infrastructure
Systems and assets, whether physical or virtual, so vital to the U.S. that the
incapacity or destruction of such systems and assets would have a debilitating
impact on security, national economic security, national public health or
safety, or any combination of those matters.
criticality level
The set of functions that enable the transfer of information between security
domains in accordance with the policies of the security domains involved.
cross-certificate
cryptanalysis
cryptographic
cryptographic alarm
cryptographic algorithm
cryptographic binding
cryptographic component
cryptographic equipment
cryptographic initialization
Function used to set the state of a cryptographic logic prior to key generation,
encryption, or other operating mode.
cryptographic logic
cryptographic net
cryptographic period
cryptographic product
cryptographic randomization
cryptographic security
cryptographic synchronization
cryptographic system
cryptographic token
cryptography
Art or science concerning the principles, means, and methods for rendering
plain information unintelligible and for restoring encrypted information to
intelligible form.
cryptology
cyber attack
cyber incident
Actions taken through the use of computer networks that result in an actual or
potentially adverse effect on an information system and/or the information
residing therein. See incident.
cybersecurity
The ability to protect or defend the use of cyberspace from cyber attacks.
cyberspace
D
data
data aggregation
Compilation of individual data systems and data that could result in the totality
of the information being classified, or classified at a higher level, or of
beneficial use to an adversary.
data asset
data element
A basic unit of information that has a unique meaning and subcategories (data
items) of distinct value. Examples of data elements include gender, race, and
geographic location.
data integrity
The property that data has not been changed, destroyed, or lost in an
unauthorized or accidental manner.
The process of verifying that the source of the data is as claimed and that the
data has not been modified.
decertification
decipher
decode
decrypt
Information systems security mode of operation wherein each user, with direct
or indirect access to the system, its peripherals, remote terminals, or remote
hosts, has all of the following: 1) valid security clearance for all information
within the system, 2) formal access approval and signed nondisclosure
agreements for all the information stored and/or processed (including all
compartments, subcompartments, and/or special access programs), and 3)
valid need-to-know for all information contained within the information
system. When in the dedicated security mode, a system is specifically and
exclusively dedicated to and controlled for the processing of one particular
type or classification of information, either for full-time operation or for a
specified period of time.
default classification
Defense-in-Breadth
Defense-in-Depth
degauss
deleted file
A file that has been logically, but not necessarily physically, erased from the
operating system, perhaps to eliminate potentially incriminating evidence.
Deleting files does not necessarily eliminate the possibility of
recovering all or part of the original data.
The prevention of authorized access to resources or the delaying of time-critical
operations. (Time-critical may be milliseconds or it may be hours,
depending upon the service provided.)
digital signature
A means of restricting access to objects (e.g., files, data entities) based on the
identity and need-to-know of subjects (e.g., users, processes) and/or groups to
which the object belongs. The controls are discretionary in the sense that a
subject with a certain access permission is capable of passing that permission
(perhaps indirectly) on to any other subject (unless restrained by mandatory
access control).
disruption
distinguishing identifier
A Denial of Service technique that uses numerous hosts to perform the attack.
domain
E
e-government (e-gov)
The use by the U.S. Government of web-based Internet applications and other
information technology.
electronic credentials
electronic signature
The process of applying any mark in electronic form with the intent to sign a
data object. See also digital signature.
encipher
enclave
enclave boundary
encode
encrypt (C.F.D.)
encryption
The process of changing plaintext into ciphertext for the purpose of security or
privacy.
encryption algorithm
end-item accounting
end-to-end encryption
end-to-end security
enrollment manager
enterprise
enterprise service
entrapment (C.F.D.)
environment (C.F.D.)
erasure
List of validated products that have been successfully evaluated under the
National Information Assurance Partnership (NIAP) Common Criteria
Evaluation and Validation Scheme (CCEVS).
event
Executive Agency
exploitable channel
external network
extranet
F
fail safe
failover
failure access
failure control
false acceptance
The measure of the likelihood that the biometric security system will
incorrectly accept an access attempt by an unauthorized user. A system's false
acceptance rate typically is stated as the ratio of the number of false
acceptances divided by the number of identification attempts.
false rejection
The measure of the likelihood that the biometric security system will
incorrectly reject an access attempt by an authorized user. A system's false
rejection rate typically is stated as the ratio of the number of false rejections
divided by the number of identification attempts.
A standard for adoption and use by Federal agencies that has been developed
within the Information Technology Laboratory and published by the National
Institute of Standards and Technology, a part of the U.S. Department of
Commerce. A FIPS covers some topic in information technology in order to
achieve a common level of quality or some level of interoperability.
A statute (Title III, P.L. 107-347) that requires agencies to assess risk to
information systems and provide information security protections
commensurate with the risk. FISMA also requires that agencies integrate
information security into their capital planning and enterprise architecture
processes, conduct annual information systems security reviews of all
programs and systems, and report the results of those reviews to OMB.
file protection
fill device
COMSEC item used to transfer or store key in electronic form or to insert key
into cryptographic equipment.
FIREFLY
firewall
firmware
flaw (C.F.D.)
flooding
forensic copy
forensics
frequency hopping
G
gateway
group authenticator
Guard (system)
H
hacker
handshaking procedures
Physical keying material, such as printed key lists, punched or printed key
tapes, or programmable, read-only memories (PROM).
hardware
hardwired key
hash value/result
hashing
hashword (C.F.D.)
A guard that has two basic functional capabilities: a Message Guard and a
Directory Guard. The Message Guard provides filter service for message
traffic traversing the Guard between adjacent security domains. The Directory
Guard provides filter service for directory access and updates traversing the
Guard between adjacent security domains.
high impact
high-impact system
honeypot
A system (e.g., a web server) or system resource (e.g., a file on a server) that is
designed to be attractive to potential crackers and intruders and has no
authorized users other than its administrators.
hot site
Backup site that includes phone systems with the phone lines already
connected. Networks will also be in place, with any necessary routers and
switches plugged in and turned on. Desks will have desktop PCs installed and
waiting, and server areas will be replete with the necessary hardware to
support business-critical functions. Within a few hours, a hot site can become
a fully functioning element of an organization.
I
IA architecture
IA infrastructure
IA product
Product or technology whose primary role is not security, but which provides
security services as an associated feature of its intended operating capabilities.
Examples include such products as security-enabled web browsers, screening
routers, trusted operating systems, and security-enabled messaging systems.
IA-enabled product
Product whose primary role is not security, but provides security services as an
associated feature of its intended operating capabilities.
Note: Examples include such products as security-enabled web browsers,
screening routers, trusted operating systems, and security enabling messaging
systems.
identification
An act or process that presents an identifier to a system so that the system can
recognize a system entity (e.g., user, process, or device) and distinguish that
entity from all others.
identifier
identity
identity registration
identity token
Smart card, metal key, or other physical object used to authenticate identity.
impact level
The magnitude of harm that can be expected to result from the consequences
of unauthorized disclosure of information, unauthorized modification of
information, unauthorized destruction of information, or loss of information or
information system availability.
implant
inadvertent disclosure
incident
System flaw that exists when the operating system does not check all
parameters fully for accuracy and consistency, thus making the system
vulnerable to penetration.
Entity that reviews the soundness of independent tests and system compliance
with all stated security controls and risk mitigation actions. IVAs will be
designated by the Authorizing Official as needed.
indicator
individual accountability
Ability to associate positively the identity of a user with the time, method, and
degree of access to an information system.
information
Individual who works IA issues and has real world experience plus appropriate
IA training and education commensurate with their level of IA responsibility.
information domain
information environment
information management
information owner
information resources
information security
information steward
information type
information value
inheritance
initialize (C.F.D.)
inside(r) threat
An entity with authorized access (i.e., within the security domain) that has the
potential to harm an information system or enterprise through destruction,
disclosure, modification of data, and/or denial of service.
integrity
intellectual property
Creations of the mind such as musical, literary, and artistic works; inventions;
and symbols, names, images, and designs used in commerce, including
copyrights, trademarks, patents, and related rights. Under intellectual property
law, the holder of one of these abstract properties has certain exclusive
rights to the creative work, commercial symbol, or invention by which it is
covered.
interface
internal network
Internet
intranet
intrusion
System that can detect an intrusive activity and can also attempt to stop the
activity, ideally before it reaches its targets.
IP Security (IPSec)
Explains proper rules of behavior for the use of agency information systems
and information. The program communicates IT security policies and
procedures that need to be followed. (i.e., NSTISSD 501, NIST SP 800-50)
J
jamming
K
key
key escrow
key establishment
key exchange
key list
Printed series of key settings for a specific cryptonet. Key lists may be
produced in list, pad, or printed tape format.
key loader
key management
The activities involving the handling of cryptographic keys and other related
security parameters (e.g., IVs and passwords) during the entire life cycle of the
keys, including their generation, storage, establishment, entry and output, and
zeroization.
All parts (computer hardware, firmware, software, and other equipment and
its documentation; facilities that house the equipment and related functions;
and companion standards, policies, procedures, and doctrine) that form the
system that manages and supports the ordering and delivery of cryptographic
material and related information products and services to users.
key pair
A public key and its corresponding private key; a key pair is used with a public
key algorithm.
key recovery
key stream
key tag
key tape
Punched or magnetic tape containing key. Printed key in tape form is referred
to as a key list.
key transport
key updating
Key-Auto-Key (KAK)
Key-Encryption-Key (KEK)
keying material
keystroke monitoring
The process used to view or record both the keystrokes entered by a computer
user and the computer's response during an interactive session. Keystroke
monitoring is usually considered a special case of audit trails.
KMI-Aware Device
A user device that has a user identity for which the registration has
significance across the entire KMI (i.e., the identity's registration data is
maintained in a database at the PRSN level of the system, rather than only at
an MGC) and for which a product can be generated and wrapped by a PSN for
distribution to the specific device.
KOA Agent
KOA Manager
The Management Role that is responsible for the operation of one or more KOAs
(i.e., manages distribution of KMI products to the end cryptographic units, fill
devices, and ADPs that are assigned to the manager's KOA).
L
label
Access control protection features of a system that use security labels to make
access control decisions.
least privilege
The principle that a security architecture should be designed so that each entity
is granted the minimum system resources and authorizations that the entity
needs to perform its function.
least trust
likelihood of occurrence
line conditioning
line conduction
link encryption
list-oriented (C.F.D.)
Information system protection in which each protected object has a list of all
subjects authorized to access it.
local access
local authority
Organization responsible for generating and signing user certificates in a PKI-enabled environment.
logic bomb
A piece of code intentionally inserted into a software system that will set off a
malicious function when specified conditions are met.
Means for assessing the effectiveness and degree to which a set of security and
access control mechanisms meets security specifications.
logical perimeter
A conceptual perimeter that extends to all intended users of the system, both
directly and indirectly connected, who receive output from the system without
a reliable human review by an appropriate authority. The location of such a
review is commonly referred to as an air gap.
long title
low impact
low-impact system
M
macro virus
A virus that attaches itself to documents and uses the macro programming
capabilities of the document's application to execute and propagate.
magnetic remanence
maintenance key
malicious applets
malicious code
malicious logic
malware
management controls
mandatory modification
manipulative communications deception (C.F.D.)
manual cryptosystem
marking
masquerading
Key device with electronic logic and circuits providing the capability for
adding more operational CIKs to a keyset.
match/matching
media
media sanitization
Memorandum of Understanding/Agreement (MOU/A)
memory scavenging
See checksum.
message digest
Information outside of the message text, such as the header, trailer, etc.
message indicator
mimicking (C.F.D.)
See spoofing.
misnamed files
mobile code
moderate impact
multilevel device
multi-releasable
mutual authentication
Condition in which two information systems need to rely upon each other to
perform a service, yet neither trusts the other to properly protect shared data.
N
National Information Assurance Partnership (NIAP)
need-to-know
need-to-know determination
network
network access
network resilience
Area, room, or space that, when staffed, must be occupied by two or more
appropriately cleared individuals who remain within sight of each other. See
two-person integrity.
nonce
non-repudiation
null
Dummy letter, letter symbol, or code group inserted into an encrypted message
to delay or prevent its decryption or to complete encrypted groups for
transmission or transmission security purposes.
O
object
object reuse
off-line cryptosystem
one-part code
Code in which plain text elements and their accompanying code groups are
arranged in alphabetical, numerical, or other systematic order, so one listing
serves for both encoding and decoding. One-part codes are normally small
codes used to pass small volumes of low-sensitivity information.
one-time cryptosystem
one-time pad
one-time tape
Punched paper tape used to provide key streams on a one-time basis in certain
machine cryptosystems.
Hash algorithms which map arbitrarily long inputs into a fixed-size output
such that it is very difficult (computationally infeasible) to find two different
hash inputs that produce the same output. Such algorithms are an essential
part of the process of producing fixed-size digital signatures that can both
authenticate the signer and provide for data integrity checking (detection of
input modification after signature).
on-line cryptosystem
open storage
operational controls
operational key
operational waiver
operations code
optional modification
Entity within the PKI that authenticates the identity and the organizational
affiliation of the users.
outside(r) threat
An unauthorized entity outside the security domain that has the potential to
harm an information system through destruction, disclosure, modification of
data, and/or denial of service.
overt channel
overwrite procedure
A software process that replaces data previously stored on storage media with
a predetermined set of meaningless data or random patterns.
P
packet sniffer
parity
Information systems security mode of operation wherein all personnel have the
clearance, but not necessarily formal access approval and need-to-know, for all
information handled by an information system.
passive attack
passive wiretapping
password (C.F.D.)
patch management
penetration
See intrusion.
penetration testing
per-call key
perimeter
periods processing
perishable data
permuter (C.F.D.)
The process of creating and using a government-wide secure and reliable form
of identification for Federal employees and contractors, in support of HSPD
12, Policy for a Common Identification Standard for Federal Employees and
Contractors.
Physical artifact (e.g., identity card, smart card) issued to an individual that
contains stored identity credentials (e.g., photograph, cryptographic keys,
digitized fingerprint representation etc.) such that a claimed identity of the
cardholder may be verified against the stored credentials by another person
(human readable and verifiable) or an automated process (computer readable
and verifiable).
The management role that is responsible for registering human users, i.e., users
that are people.
phishing
plaintext
Unencrypted information.
First level of the PKI Certification Management Authority that approves the
security policy of each PCA.
A form of access control that uses an authorization policy that is flexible in the
types of evaluated parameters (e.g., identity, role, clearance, operational need,
risk, heuristics).
port scanning
Using a program to remotely determine which ports on a system are open (e.g.,
whether systems allow connections through those ports).
potential impact
precursor
A Key Management Infrastructure core node that provides the users central
point of access to KMI products, services, and information.
Senior official with authority and responsibility for all intelligence systems
within an agency.
private key
privilege
privileged account
privileged command
privileged process
privileged user
probability of occurrence
probe
The Key Management Infrastructure core node that provides central generation
of cryptographic key material.
profiling
Wire line or fiber optic system that includes adequate safeguards and/or
countermeasures (e.g., acoustic, electric, electromagnetic, and physical) to
permit its use for the transmission of unencrypted information through an area
of lesser classification or control.
protection philosophy
protection profile
protective packaging
protective technologies
protocol
proxy
An application that breaks the connection between client and server. The
proxy accepts certain types of traffic entering or leaving a network and
processes it and forwards it.
Note: This effectively closes the straight path between the internal and
external networks making it more difficult for an attacker to obtain internal
addresses and other details of the organization's internal network. Proxy
servers are available for common Internet services; for example, a Hyper Text
Transfer Protocol (HTTP) proxy used for Web access, and a Simple Mail
Transfer Protocol (SMTP) proxy used for e-mail.
proxy agent
proxy server
A server that services the requests of its clients by forwarding those requests to
other servers.
pseudonym
1. A subscriber name that has been chosen by the subscriber that is not
verified as meaningful by identity proofing.
2.
Software not protected by copyright laws of any nation that may be freely used
without permission of, or payment to, the creator, and that carries no
warranties from, or liabilities to the creator.
public key
A cryptographic key that may be widely published and is used to enable the
operation of an asymmetric cryptography scheme. This key is mathematically
linked with a corresponding private key. Typically, a public key can be used to
encrypt, but not decrypt, or to validate a signature, but not to sign.
See certificate.
Encryption system that uses a public-private key pair for encryption and/or
digital signature.
The framework and services that provide for the generation, production,
distribution, control, accounting and destruction of public key certificates.
Components include the personnel, policies, processes, server platforms,
software, and workstations used for the purpose of administering certificates
and public-private key pairs, including the ability to issue, maintain, recover,
and revoke public key certificates.
public seed
purge
Q
quadrant
Quality of Service
R
Random Number Generator (RNG)
randomizer
read (C.F.D.)
reciprocity
records
records management
recovery procedures
RED
Red signal
Any electronic emission (e.g., plain text, key, key stream, subkey stream,
initial fill, or control signal) that would divulge national security information if
recovered.
Red Team
Red/Black concept
registration
A trusted entity that establishes and vouches for the identity of a subscriber to
a Credentials Service Provider (CSP). The RA may be an integral part of a
CSP, or it may be independent of a CSP, but it has a relationship to the
CSP(s).
re-key
release prefix
relying party
remanence
remediation
remote access
remote diagnostics/maintenance
remote rekeying
removable media
Portable electronic storage media such as magnetic, optical, and solid state
devices, which can be inserted into and removed from a computing device, and
that is used to store text, video, audio, and image information. Such devices
have no independent processing capabilities. Examples include hard disks,
floppy disks, zip drives, compact disks (CD), thumb drives, pen drives, and
similar USB storage devices.
replay attacks
residual risk
residue
Data left in storage after information processing operations are complete, but
before degaussing or overwriting has taken place.
responsibility to provide
risk
A form of access control that uses an authorization policy that takes into
account operational need, risk, and heuristics.
risk assessment
risk executive (function)
risk management
risk mitigation
risk tolerance
robustness
role
rootkit
A security policy based on global rules imposed for all subjects. These rules
usually rely on a comparison of the sensitivity of the objects being accessed
and the possession of corresponding attributes by the subjects requesting
access. Also known as discretionary access control (DAC).
ruleset
S
safeguarding statement (C.F.D.)
safeguards
salt
sandboxing
sanitization
A general term referring to the actions taken to render data written on media
unrecoverable by both ordinary and, for some forms of sanitization,
extraordinary means.
scanning
scavenging
scoping guidance
secret key
A cryptographic algorithm that uses a single key (i.e., a secret key) for both
encryption and decryption.
secret seed
secure communications
A protocol used for protecting private information during transmission via the
Internet.
Note: SSL works by using a public key to encrypt data that's transferred over
the SSL connection. Most web browsers support SSL and many web sites use
the protocol to obtain confidential user information, such as credit card
numbers. By convention, URLs that require an SSL connection start with
https: instead of http:.
secure state
security
security association
security attribute
security banner
A banner at the top or bottom of a computer screen that states the overall
classification of the system in large, bold type. Also can refer to the opening
screen that informs users of the security implications of accessing a computer
resource.
security category
The set of minimum security controls defined for a low-impact, moderate-impact, or high-impact information system.
security controls
security domain
security engineering
security filter
security incident
See incident.
security inspection
security kernel
security label
security marking
security mechanism
security perimeter
security policy
security posture
security range
security requirements
Matrix that captures all security requirements linked to potential risks and
addresses all applicable C&A requirements. It is, therefore, a correlation
statement of a system's security features and compliance methods for each
security requirement.
security safeguards
security service
security target
seed key
sensitivity
Defines the specific responsibilities of the service provider and sets the
customer expectations.
shielded enclosure
short title
signature
signature certificate
A public key certificate that contains a public key intended for verifying
digital signatures rather than encrypting data or performing any other
cryptographic functions.
situational awareness
smart card
A credit card-sized card with embedded integrated circuits that can store,
process, and communicate information.
sniffer
social engineering
software
software assurance
spam
special character
`~!@#$%^&*()_+|}{:?><[]\;,./ - =
spillage
split knowledge
spoofing
spread spectrum
spyware
steganography
The art, science, and practice of communicating in a way that hides the
existence of the communication.
striped core
strong authentication
subassembly (C.F.D.)
subject
Sensitivity label(s) of the objects to which the subject has both read and write
access. Security level of a subject must always be dominated by the clearance
level of the user associated with the subject.
subscriber
Suite A
Suite B
superencryption
supersession
supply chain
suppression measure
Action, procedure, modification, or device that reduces the level of, or inhibits
the generation of, compromising emanations in an information system.
syllabary
Encryption algorithms using the same secret key for encryption and
decryption.
symmetric key
synchronous crypto-operation
system
Information systems security mode of operation wherein each user, with direct
or indirect access to the information system, its peripherals, remote terminals,
or remote hosts, has all of the following: 1) valid security clearance for all
information within an information system; 2) formal access approval and
signed nondisclosure agreements for all the information stored and/or
processed (including all compartments, sub-compartments and/or special
access programs); and 3) valid need-to-know for some of the information
contained within the information system.
system indicator
system integrity
system interconnection
The direct connection of two or more information systems for the purpose of
sharing data and other information resources.
system owner
The formal document prepared by the information system owner (or common
security controls owner for inherited controls) that provides an overview of the
security requirements for the system and describes the security controls in
place or planned for meeting those requirements. The plan can also contain as
supporting appendices or as references, other key security-related documents
such as a risk assessment, privacy impact assessment, system interconnection
agreements, contingency plan, security configurations, configuration
management plan, and incident response plan.
A security control for an information system that has not been designated as a
common control or the portion of a hybrid security control that is to be
implemented within an information system.
T
tactical data
tactical edge
The platforms, sites, and personnel (U.S. military, allied, coalition partners,
first responders) operating at lethal risk in a battle space or crisis environment
characterized by 1) a dependence on information systems and connectivity for
survival and mission success, 2) high threats to the operational readiness of
both information systems and connectivity, and 3) users who are fully engaged,
highly stressed, and dependent on the availability, integrity, and transparency
of their information systems.
tailoring
tampering
telecommunications
TEMPEST
TEMPEST zone
test key
threat
threat analysis
threat assessment
threat monitoring
threat source
time bomb
time-compliance date
time-dependent password
Set consisting of all hardware, software, and firmware of the TOE that must be
relied upon for the correct enforcement of the TOE Security Policy (TSP).
Set of rules that regulate how assets are managed, protected, and distributed
within the TOE.
token
Tradecraft Identity
An identity used for the purpose of work-related interactions that may or may
not be synonymous with an individual's true identity.
Program in which NSA acts as the central procurement agency for the
development and, in some cases, the production of INFOSEC items. This
includes the Authorized Vendor Program. Modifications to the INFOSEC
end-items used in products developed and/or produced under these programs
must be approved by NSA.
traffic padding
tranquility
Property whereby the security level of an object cannot change while the
object is being processed by an information system.
transmission
The state that exists when information is being electronically sent from one
location to one or more other locations.
trap door
Trojan horse
trust anchor
trust list
trusted certificate
A certificate that is trusted by the relying party on the basis of secure and
authenticated delivery. The public keys included in trusted certificates are used
to start certification paths. Also known as a trust anchor.
trusted channel
A channel where the endpoints are known and data integrity is protected in
transit. Depending on the communications protocol used, data privacy may be
protected in transit. Examples include SSL, IPSEC, and secure physical
connection.
Method for distributing trusted computing base (TCB) hardware, software, and
firmware components that protects the TCB from modification during
distribution.
trusted foundry
trusted path
trusted process
Process that has been tested and verified to operate only as intended.
trusted recovery
trusted timestamp
trustworthiness
TSEC nomenclature
System for identifying the type and purpose of certain items of COMSEC
material.
tunneling
Technology enabling one network to send its data via another network's
connections. Tunneling works by encapsulating a network protocol within
packets carried by the second network.
U
U.S. person
Federal law and executive order define a U.S. Person as: a citizen of the United
States; an alien lawfully admitted for permanent residence; an unincorporated
association with a substantial number of members who are citizens of the U.S. or
are aliens lawfully admitted for permanent residence; and/or a corporation that is
incorporated in the U.S.
U.S.-controlled facility
U.S.-controlled space
unauthorized access
unauthorized disclosure
unclassified
Information that has not been determined pursuant to E.O. 12958, as amended,
or any predecessor order, to require protection against unauthorized disclosure
and that is not designated as classified.
untrusted process
Process that has not been evaluated or examined for correctness and adherence
to the security policy. It may include incorrect or malicious code that attempts
to circumvent the security mechanisms.
update (certificate)
The act or process by which data items bound in an existing public key
certificate, especially authorizations granted to the subject, are changed by
issuing a new certificate.
update (key)
US-CERT
user
user ID
The person that defines the system's operational and functional requirements,
and who is responsible for ensuring that user operational interests are met
throughout the system's authorization process.
V
validation
variant
One of two or more code symbols having the same plain text equivalent.
verification
virus
A computer program that can copy itself and infect a computer without
permission or knowledge of the user. A virus might corrupt or delete data on a
computer, use e-mail programs to spread itself to other computers, or even
erase everything on a hard disk.
vulnerability
vulnerability analysis
vulnerability assessment
W
warm site
Backup site which typically contains the data links and pre-configured
equipment necessary to rapidly start operations, but does not contain live data.
Thus commencing operations at a warm site will (at a minimum) require the
restoration of current data.
web bug
Malicious code, invisible to a user, placed on web sites in such a way that it
allows third parties to track use of web servers and collect information about
the user, including IP address, host name, browser type and version, operating
system name and version, and web browser cookie.
White Team
wiki
Web applications or similar tools that allow identifiable users to add content
(as in an Internet forum) and allow anyone to edit that content collectively.
A standard that defines the way in which Internet communications and other
advanced services are provided on wireless mobile devices.
wireless technology
work factor
Workcraft Identity
worm
write (C.F.D.)
X,Y
X.509 Public Key Certificate
The public key for a user (or device) and a name for the user (or device),
together with some other information, rendered unforgeable by the digital
signature of the certification authority that issued the certificate, encoded in
the format defined in the ISO/ITU-T X.509 standard. Also known as X.509
Certificate.
Z
zero fill
zeroization
zeroize
zone of control
1. ACL
2. ADP
3. AES
4. AIG (C.F.D.)
5. AIN
6. AK
7. AKP
8. AKD/RCU
9. ALC
10. AMS - 1. Auto-Manual System; 2. Autonomous Message Switch
11. ANDVT
12. ANSI
13. APC
14. APU
15. ASCII
16. ASSIST Program
17. AS&W
18. ATC - Approval to Connect
19. ATM
20. ATO - Approval to Operate
21. AUTODIN
22. AVP
23. BoE - Body of Evidence
24. BCP
25. BIA
26. BMA
27. C2
28. C3
29. C3I
30. C4
31. CA - 1. Controlling Authority; 2. Cryptanalysis; 3. COMSEC Account; 4. Command Authority; 5. Certification Authority
32. C&A
33. CAC
34. CAW
35. CC - Common Criteria
36. CCB
37. CCEP
38. CCEVS
39. CCI
40. CCO
41. CD - Compact Disc
42. CDS
43. CEOI
44. CEPR
45. CER
46. CERT
47. CFD
48. CIAC
49. CIK
50. CIO
51. CIP
52. CIRC
53. CIRT
54. CISO
55. CKG
56. CKL
57. CMCS
58. CNA
59. CND
60. CNE
61. CNO
62. CNSS
63. CNSSAM
64. CNSSD
65. CNSSI
66. CNSSP
67. COG - Continuity of Government
68. COI - Community of Interest
69. COMPUSEC - Computer Security
70. COMSEC - Communications Security
71. CONOP - Concept of Operations
72. COOP
73. COR
74. COTS - Commercial off-the-shelf
75. CP - Certificate Policy
76. CPS
77. CPU
78. CRC
79. CRL
80. Crypt/Crypto - Cryptographic-related
81. CSA
82. CSE
83. CSIRT
84. CSN
85. CSP
86. CSS
    1.
    2.
    3.
    4.
87. CSSO
88. CSTVRP
89. CTAK
90. CT&E
91. CTTA
92. CUI
93. CUP
94. CVE
95. DAA
    1.
    2.
    3.
96. DAC
97. DAMA
98. DAR - Data-at-Rest
99. DCID
100. DCS
101. DDoS
102. DDS
103. DEA
104. DES
105. DHCP
106. DIACAP
107. DISN
108. DITSCAP
109. DMA
110. DMS
111. DMZ - Demilitarized Zone
112. DN - Distinguished Name
113. DOC - Delivery-Only Client
114. DoS - Denial of Service
115. DRP
116. DSA
117. DSN
118. DSVT
119. DTLS
120. DTD
121. DTS
122. DUA
123. EA - Enterprise Architecture
124. EAL
125. EAM
126. ECCM - Electronic Counter-Countermeasures
127. ECM - Electronic Countermeasures
128. ECPL
129. ECU
130. EDAC
131. EFD
132. EFTO (C.F.D.)
133. EIEMA
134. EKMS
135. ELINT - Electronic Intelligence
136. E Model
137. EMSEC - Emission Security
138. EPL
139. EPROM
140. ERTZ
141. ETPL
142. FAR
143. FBCA
144. FDIU
145. FEA
146. FIPS
147. FISMA
148. FMR
149. FNMR
150. FOCI
151. FOUO
152. FRR
153. FSRS
154. FSTS
155. FTS
156. FTAM
157. FTLS
158. GCCS
159. GETS
160. GIG
161. GII
162. GOTS - Government-off-the-Shelf
163. GPS
164. GSS
165. GTS
166. GWEN
167. HAIPE
168. HMAC
169. HSPD
170. HTTP
171. IA - Information Assurance
172. I&A
173. IAB
174. IAC
175. IAM
176. IAO
177. IATO
178. IATT
179. IAVA
180. IBAC
181. IC - Intelligence Community
182. ICANN
183. ICVA
184. ICU
185. IDS
186. IEMATS
187. IFF
188. IFFN
189. ILS
190. INFOSEC (C.F.D.)
191. IO - Information Operations
192. IP - Internet Protocol
193. IPM - Interpersonal Messaging
194. IPSec - IP Security
195. IPSO
196. IRM
197. IS - Information System
198. ISA
199. ISDN
200. ISE
201. ISSE
202. ISSM
203. ISSO
204. IT - Information Technology
205. ITAR
206. ITSEC
207. IVA
208. IV&V
209. KAK - Key-Auto-Key
210. KDC
211. KEK
212. KG - Key Generator
213. KMC
214. KMI
215. KMID
216. KMODC
217. KMP
218. KMS
219. KOA
220. KP - Key Processor
221. KPC
222. KPK (C.F.D.)
223. KSD
224. LAN
225. LEAD
226. LMD
227. LMD/KP
228. LOCK
229. LPC
230. LPD
231. LPI
232. LRA
233. LRIP
234. LSI
235. MAC
    1.
    2.
    3.
    4.
236. MAN - 1. Mandatory Modification; 2. Metropolitan Area Network
237. MER
238. MGC - Management Client
239. MHS
240. MI - Message Indicator
241. MIB
242. MIME
243. MINTERM - Miniature Terminal
244. MISSI
245. MitM - Man-in-the-Middle Attack
246. MLS - Multilevel Security
247. MOU/A - Memorandum of Understanding/Agreement
248. MSE
249. MSL
250. NACAM
251. NACSI
252. NACSIM
253. NAK - Negative Acknowledgement
254. NCCD
255. NCS
256. NCSC
257. NIAP
258. NII
259. NISAC
260. NIST
261. NLZ - No-Lone Zone
262. NSA
263. NSD
264. NSDD
265. NSEP
266. NSI
267. NSS
268. NSTAC
269. NSTISSAM
270. NSTISSC
271. NSTISSD
272. NSTISSI
273. NSTISSP
274. NTCB
275. NTIA
276. NTISSAM
277. NTISSD
278. NTISSI
279. NTISSP
280. NVD
281. OADR
282. OPCODE - Operations Code
283. OPSEC - Operations Security
284. ORA
285. OSI
286. OTAD
287. OTAR - Over-the-Air Rekeying
288. OTAT
289. OTP - One-Time Pad
290. OTT - One-Time Tape
291. PAA
292. PAL
293. PBAC
294. PBX
295. PC - Personal Computer
296. PCA
297. PCIPB
298. PCMCIA
299. PDA
300. PDR
301. PDS
302. PED
303. PES
304. PIA
305. PII
306. PIN
307. PING
308. PIV
309. PKC
310. PKE
311. PKI
312. PKSD
313. P model - Preproduction Model
314. PNEK
315. POA&M
316. PPL
317. PRBAC (C.F.D.)
318. PRM
319. PRNG
320. PROM
321. PROPIN - Proprietary Information
322. PRSN
323. PSN
324. PWDS
325. RA - Registration Authority
326. RAdAC
327. RAMP
328. RBAC
329. RMF
330. RNG
331. ROM - Read-Only Memory
332. RVTM
333. SA - System Administrator
334. SABI (C.F.D.)
335. SAISO
336. SAML
337. SAO
338. SAP
339. SAPF
340. SARK
341. SBU
342. SCADA
343. SCAP
344. SCI
345. SCIF
346. SDLC
347. SDNS
348. SDR
349. SFA
350. SHA
351. SFUG (C.F.D.)
352. SI - Special Intelligence
353. SISS
354. S/MIME
355. SMTP
356. SMU
357. SoM - Strength of Mechanism
358. SPK
359. SRR
360. SRTM
361. SSAA
362. SSL
363. SSO
364. SSP
365. ST&E
366. STE
367. STS
368. STU
369. TA - 1. Traffic Analysis; 2. Trusted Agent
370. TACTERM - Tactical Terminal
371. TAG
372. TCB
373. TCP/IP
374. TED
375. TEK
376. TEP
377. TFM
378. TFS
379. TLS - Top-Level Specification
380. TOE - Target of Evaluation
381. TPC - Two-Person Control
382. TPEP
383. TPI - Two-Person Integrity
384. TRANSEC - Transmission Security
385. TRB
386. TRI-TAC
387. TRM
388. TSABI (C.F.D.)
389. TSCM
390. TSEC - Telecommunications Security
391. TSF
392. TSP
393. TTAP
394. UA - User Agent
395. UIS
396. UPP
397. USB
398. VoIP
399. VPN
400. WAN
401. WAP
402. WEP
403. WPA2
404. XML